defenseunicorns / maru-runner

The Unicorn Task Runner
Apache License 2.0

Support authentications for `includes` to remote task files #51

Open JaseKoonce opened 2 months ago

JaseKoonce commented 2 months ago

Environment

Device and OS: N/A
App version: uds v0.10.3
Kubernetes distro being used:
Other:

Steps to reproduce

  1. Add an `includes` to a remote GitLab task.yaml:

    includes:
    - sshuttle: https://##REMOVED##/##REMOVED##/-/raw/main/uds-tasks/sshuttle.yaml
  2. Run that task

Expected result

You are able to use the remote task file as you would in GitHub.

Actual Result

It gives the error below

Visual Proof (screenshots, videos, text, etc)

Screenshot 2024-04-17 at 7 43 39 AM

UPDATE: Looking into this more, the redirect is actually to the GitLab login page. Would it be possible to add a way for users to pass credentials for task files behind authentication?

Severity/Priority

low

UncleGedd commented 2 months ago

Thanks for the issue! We'll add it to our backlog

Racer159 commented 1 month ago

(marking as an enhancement to implement authentication rather than a bug - keeping @JaseKoonce's original issue text though)

ericwyles commented 1 month ago

Hi @JaseKoonce, I've been looking at this today and wanted to check and see how much of an issue this is for you and how high of a priority it is.

It's fairly messy to implement the authentication against private GitLab repositories because GitLab requires a custom header for this and doesn't support basic auth. I discussed with @Racer159 and one thing we are wanting to do anyway is add support for publishing tasks as OCI artifacts and allow importing tasks through OCI as well. If you had that you could import them as OCI instead of trying to import directly from the GitLab raw url.

We wanted to make sure this isn't something you need solved immediately and if it could wait and solve through the OCI support. I did see you noted it as 'low' priority/severity but just wanted to touch base. Thanks!
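An added example, not maru-runner's code and not part of the comment above: one way a fetcher for remote `includes` could attach a token header only to a trusted host and report the login redirect described in this issue instead of following it. `FetchInclude`, its parameters and the local test server in `main` are hypothetical; the header name is left to the caller because the thread does not name it.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// ErrAuthRedirect: the server redirected instead of serving the file, which is
// how an unauthenticated request for a private raw URL shows up.
var ErrAuthRedirect = errors.New("redirected instead of serving the task file")

// FetchInclude (hypothetical helper) downloads a remote task file. The token is
// sent only over https to trustedHost, and redirects are never followed, so the
// secret is not replayed elsewhere and a login page is not parsed as YAML.
func FetchInclude(c *http.Client, rawURL, trustedHost, header, token string) ([]byte, error) {
	req, err := http.NewRequest(http.MethodGet, rawURL, nil)
	if err != nil {
		return nil, err
	}
	if token != "" && req.URL.Scheme == "https" && strings.EqualFold(req.URL.Host, trustedHost) {
		req.Header.Set(header, token)
	}
	client := *c // copy: leave the caller's redirect policy untouched
	client.CheckRedirect = func(*http.Request, []*http.Request) error { return http.ErrUseLastResponse }
	resp, err := client.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode >= 300 && resp.StatusCode < 400 {
		return nil, fmt.Errorf("%w: Location=%s", ErrAuthRedirect, resp.Header.Get("Location"))
	}
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("unexpected status %s", resp.Status)
	}
	return io.ReadAll(io.LimitReader(resp.Body, 1<<20)) // cap the file at 1 MiB
}

func main() { // constructed local server standing in for a private repository
	srv := httptest.NewTLSServer(http.RedirectHandler("/users/sign_in", http.StatusFound))
	defer srv.Close()
	_, err := FetchInclude(srv.Client(), srv.URL+"/tasks.yaml", "", "", "")
	fmt.Println(err)
}
```

The token itself would come from the environment or a credential helper rather than from the task file, so it never lands in the repository that holds the `includes` entry.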

JaseKoonce commented 1 month ago

> Hi @JaseKoonce, I've been looking at this today and wanted to check and see how much of an issue this is for you and how high of a priority it is.
>
> It's fairly messy to implement the authentication against private GitLab repositories because GitLab requires a custom header for this and doesn't support basic auth. I discussed with @Racer159 and one thing we are wanting to do anyway is add support for publishing tasks as OCI artifacts and allow importing tasks through OCI as well. If you had that you could import them as OCI instead of trying to import directly from the GitLab raw url.
>
> We wanted to make sure this isn't something you need solved immediately and if it could wait and solve through the OCI support. I did see you noted it as 'low' priority/severity but just wanted to touch base. Thanks!

@ericwyles It's not a blocker right now, just something that would be nice to have in the future. Currently, to get around the issue, I am cloning my template task files via a CI job and using them for the length of the job. Being able to publish tasks as OCI artifacts would work for us, but I'm not sure that it would be the preferred method. Happy to chat more about use cases if you think that would be helpful. Thank you for looking into this!

ericwyles commented 1 month ago

@JaseKoonce we'll get with you and talk through it when we're closer to picking this up. I'm going to switch gears for a bit, but we'll do the proverbial "circle back" when we are ready! Thanks for the insight!